The dangers of stovepipe security

The recent events with Sony have got me thinking about the dangers of “stovepipe” security… (

A stovepipe is an organizational structure hinders cross organizational communications and collaboration.  It can be theorized that the different  sub companies / groups within Sony worked in a stove pipe security type model. There was likely no over-arching security guidance / policy or common, authoritative security department.

Large enterprises should always have a clear and common security policy and a common corporate security department. Information about attacks and fixes at one department should be shared with others in an effort to combat any further damage.

Lastly an organization should follow standard security standards like the ISO 27002  ( Why re-invent the wheel when proven, practical methodology already exists?